The information storage system in Tesla, apart from having the capacity to display YouTube videos, having access to Netflix, and directly being able to play off Spotify, connecting via WiFi, can also store recently contacted phone numbers.
These advantages, though, do diminish the fact that the systems need a lot of personal data. Therefore, a user tends not to notice the vast amount of information fed to these devices. This information can reveal extremely personal and sometimes even intimate facts about the owners. This could affect them terribly if it ever falls into the wrong hands.
A researcher was able to gain access to several used Tesla MCUs (media control units), over 10 of them all removed from electric vehicles during melioration. Each one of these devices had a plethora of sensitive information stored away despite already superannuating.
Contact from all previously connected phones and calendar entries are there. They also include recent WiFi and Spotify passwords, inputted addresses, and session cookies that grant access to Spotify, youtube, and even more disturbingly E-mail accounts.
Tesla has a regular procedure of taking out MCUs at their service station, most times to replace it with newer and more advanced models of the device. Authorized Tesla technicians do the removal.
However, the company leaked these used Tesla MCUs. Presumably, the company did not know about the sales.
With the research results, the company and its users are at risk. Also, the drivers suffer the risks of any vehicle that has devices onboard which store personal information.
It is, therefore, recommendable for individuals on their own to perform factory resets when selling a car. Also when returning a rented vehicle, or having an infotainment system looked upon by strangers.
While a factory reset may not be undefeatable, it’s likely to make the recovery process difficult and time-consuming enough to provide a meaningful and practical defense. It is advisable that the truly security conscious should destroy the units.